The rise in cyberattacks targeting small and medium-sized enterprises (SMEs) highlights the urgent need for information security management models that are both effective and accessible. This study proposes an Information Security Management System (ISMS) model that harmonizes the ISO/IEC 27001:2022 standard with the NIST Cybersecurity Framework v1.1, specifically adapted to the context of SMEs in Peru’s fashion sector. A case study was conducted at Big Panda Clothing, applying key phases such as the assessment of the current security posture, asset identification and classification, risk analysis, development of security policies, and the implementation of continuous cybersecurity training. The validation of the proposed model projected an increase in the organization’s information security maturity level from 1.58 to 2.57, indicating meaningful improvements in cyber resilience and the protection of critical assets. The results suggest that the ISMS model provides a practical and replicable approach for SMEs, offering a sustainable strategy to address cybersecurity challenges in increasingly vulnerable digital environments.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

An Information Security Management System Model Based on ISO/IEC 27001:2022 for Mitigating Cyberattacks in Peruvian Fashion-Sector SMEs

  • Marcos Chenssen Carlos Aviles,
  • Gianella Rosa Garcia Aquino,
  • Daniel Wilfredo Burga Durango,
  • Carlos Alberto Tello Sáenz

摘要

The rise in cyberattacks targeting small and medium-sized enterprises (SMEs) highlights the urgent need for information security management models that are both effective and accessible. This study proposes an Information Security Management System (ISMS) model that harmonizes the ISO/IEC 27001:2022 standard with the NIST Cybersecurity Framework v1.1, specifically adapted to the context of SMEs in Peru’s fashion sector. A case study was conducted at Big Panda Clothing, applying key phases such as the assessment of the current security posture, asset identification and classification, risk analysis, development of security policies, and the implementation of continuous cybersecurity training. The validation of the proposed model projected an increase in the organization’s information security maturity level from 1.58 to 2.57, indicating meaningful improvements in cyber resilience and the protection of critical assets. The results suggest that the ISMS model provides a practical and replicable approach for SMEs, offering a sustainable strategy to address cybersecurity challenges in increasingly vulnerable digital environments.